vroot_setup.exe

Fileangels

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application vroot_setup.exe, “Premium Installer” by Fileangels, has been detected as adware by 35 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.needrom.com.

Publisher:
Premium Installer (signed by Fileangels)

Product:
Premium Installer

Description:
Premium Installer

Version:
2.4.8.1

MD5:
a600e8297f98816c546b308eb81eaeeb

SHA-1:
8fd7935fb2dcbaba5462dce0cfbc8d6b21ae335b

SHA-256:
e56fe177862b0e0193c05ec8374efa8afa23b65055e035f22af4f122b008f0bf

Scanner detections:
35 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/26/2024 4:05:47 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.25 | 508 |
| AhnLab V3 Security | | 2015.09.02 |
| Avira AntiVirus | ADWARE/iBryte.bxpc | 8.3.2.2 |
| Arcabit | Trojan.Application.Bundler.25 | 1.0.0.425 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-150914 |
| AVG | AdPlugin | 2016.0.2986 |
| Baidu Antivirus | Adware.Win32.Agent | 4.0.3.15914 |
| Bitdefender | Gen:Variant.Application.Bundler.25 | 1.0.20.1285 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Clam AntiVirus | Win.Adware.Ibryte-6266 | 0.98/21511 |
| Comodo Security | Application.Win32.iBryte.KO | 23150 |
| Dr.Web | Trojan.iBryte.521 | 9.0.1.0257 |
| ESET NOD32 | Win32/Adware.iBryte.BQ (variant) | 9.12189 |
| Fortinet FortiGate | W32/Badur.AY!tr | 9/14/2015 |
| F-Prot | W32/A-fc589d0e | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2015-14-09_2 |
| G Data | Gen:Variant.Application.Bundler.25 | 15.9.25 |
| herdProtect (fuzzy) | | 2015.11.8.14 |
| K7 AntiVirus | Adware | 13.2017089 |
| Kaspersky | not-a-virus:AdWare.Win32.iBryte | 14.0.0.1426 |
| Malwarebytes | PUP.Optional.IBryte | v2015.09.14.08 |
| McAfee | IBryte-FSO | 5600.6642 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.25 | 16.0.0.771 |
| NANO AntiVirus | Trojan.Win32.Badur.dijrwz | 0.30.24.3283 |
| nProtect | Trojan-Clicker/W32.iBryte.80752 | 15.09.02.01 |
| Panda Antivirus | Trj/Chgt.N | 15.09.14.08 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | TrojanDwnlder.Genome.D4 | 9.15.14.00 |
| Reason Heuristics | PUP.Adknowledge.Fileangels.Bundler (M) | 15.9.14.20 |
| Sophos | iBryte Optimum Installer (PUA) | 4.98 |
| Total Defense | Win32/Tnega.SJeYPVB | 37.1.62.1 |
| Trend Micro | TROJ_GEN.R002C0EE215 | 10.465.14 |
| Vba32 AntiVirus | | 3.12.26.4 |
| VIPRE Antivirus | Optimum Installer | 43400 |
| Zillya! Antivirus | Adware.iBryte.Win32.3712 | 2.0.0.2385 |

File size:
78.9 KB (80,752 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) Premium Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\vroot_setup\vroot_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/13/2014 5:00:00 PM

Valid to:
7/14/2015 4:59:59 PM

Subject:
CN=Fileangels, O=Fileangels, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1D54F646CB5A85211464AF0FDAB3D591

File PE Metadata
Compilation timestamp:
11/8/2014 7:00:17 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:tQhMZp0tdmrlSBhTqyi88vWAJMHJYM5wOetW3eUZjwyDOJJu1o8L:tzZ2tbhFieAhDOO6P95L

Entry address:
0x60A1

Entry point:
E8, 42, 05, 00, 00, E9, 36, FD, FF, FF, CC, FF, 25, F4, 71, 40, 00, 6A, 14, 68, 40, A4, 40, 00, E8, B2, 00, 00, 00, FF, 35, 34, D4, 40, 00, 8B, 35, D4, 71, 40, 00, FF, D6, 59, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, D0, 71, 40, 00, 59, EB, 67, 6A, 08, E8, A2, 05, 00, 00, 59, 83, 65, FC, 00, FF, 35, 34, D4, 40, 00, FF, D6, 89, 45, E4, FF, 35, 30, D4, 40, 00, FF, D6, 59, 59, 89, 45, E0, 8D, 45, E0, 50, 8D, 45, E4, 50, FF, 75, 08, 8B, 35, BC, 71, 40, 00, FF, D6, 59, 50, E8, 65, 05, 00, 00, 89, 45...
 

Entropy:
5.8048

Code size:
23.5 KB (24,064 bytes)

The file vroot_setup.exe has been seen being distributed by the following URL.
